Fri Apr 19 21:24:48 UTC 2013
patches/packages/xorg-server-1.12.4-i486-1_slack14.0.txz: Upgraded.
  This update fixes an input flush bug with evdev. Under exceptional
  conditions (keyboard input during device hotplugging), this could leak
  a small amount of information intended for the X server. This issue was
  evaluated to be of low impact.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1940
    http://lists.x.org/archives/xorg-devel/2013-April/036014.html
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.12.4-i486-1_slack14.0.txz: Upgraded.
patches/packages/xorg-server-xnest-1.12.4-i486-1_slack14.0.txz: Upgraded.
patches/packages/xorg-server-xvfb-1.12.4-i486-1_slack14.0.txz: Upgraded.
+--------------------------+

Thu May 16 21:42:08 UTC 2013
patches/packages/ruby-1.9.3_p429-i486-1_slack14.0.txz: Upgraded.
  This update fixes a security issue in DL and Fiddle included in Ruby where
  tainted strings can be used by system calls regardless of the $SAFE level
  setting.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2065
    http://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/
  (* Security fix *)
+--------------------------+

Mon May 20 21:01:33 UTC 2013
patches/packages/linux-3.2.45/*: Upgraded.
  Upgraded to new kernels that fix CVE-2013-2094, a bug that can allow local
  users to gain a root shell. Be sure to upgrade your initrd and reinstall
  LILO after upgrading the kernel packages.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2094
  (* Security fix *)
+--------------------------+

Wed May 22 14:11:13 UTC 2013
patches/packages/linux-3.2.45/*: Rebuilt.
  It appears a bad commit slipped into 3.2.45 and it's causing problems on
  systems that use Intel graphics. The commit has been reverted in the kernel
  source packages and the kernels and modules have been rebuilt. If you ran
  into the black screen problem before, this should fix it up.
+--------------------------+

Mon Jun 3 22:10:16 UTC 2013
patches/packages/linux-3.2.45/*: Rebuilt.
  One more reverted commit. This one was leading to hangs on systems with
  Intel graphics. The previous revert was also reverted in 3.2.46, but it
  seems safer to just get this one manually than to take the newer kernel
  and still have to do another patch to it anyway.
  Hopefully the third time is the charm. :)
+--------------------------+

Mon Jun 10 21:51:54 UTC 2013
patches/packages/php-5.4.16-i486-1_slack14.0.txz: Upgraded.
  This is a bugfix release. It also fixes a security issue -- a heap-based
  overflow in the quoted_printable_encode() function, which could be used by
  a remote attacker to crash PHP or execute code as the 'apache' user.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2110
  (* Security fix *)
+--------------------------+

Sat Jun 29 22:08:25 UTC 2013
patches/packages/mozilla-firefox-17.0.7esr-i486-1_slack14.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)
  We had to switch to ESR here as well, as there's a problem running
  Firefox 22.0 on Slackware 14.0 under KDE (crash when oxygen-gtk2 is
  installed). Forcing people to uninstall oxygen-gtk2 isn't really an option
  for a security fix, and upgrading to the latest oxygen-gtk2 did not help.
  It's possible that future Firefox/Thunderbird security updates will always
  come from the ESR branch.
patches/packages/mozilla-thunderbird-17.0.7-i486-1_slack14.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Wed Jul 10 07:15:30 UTC 2013
patches/packages/dbus-1.4.20-i486-4_slack14.0.txz: Rebuilt.
  This update fixes a security issue where misuse of va_list could be used to
  cause a denial of service for system services.
  Vulnerability reported by Alexandru Cornea.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2168
  (* Security fix *)
+--------------------------+

Tue Jul 16 21:18:56 UTC 2013
patches/packages/php-5.4.17-i486-1_slack14.0.txz: Upgraded.
  This update fixes an issue where XML in PHP does not properly consider
  parsing depth, which allows remote attackers to cause a denial of service
  (heap memory corruption) or possibly have unspecified other impact via a
  crafted document that is processed by the xml_parse_into_struct function.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113
  (* Security fix *)
+--------------------------+